Edge compute
Active research
Shadow AI detection on the edge, complementing Purview DSPM.
The shadow AI problem in enterprises larger than 5,000 seats is well-mapped: oversharing audit, sensitivity labels, DLP enforcement, Microsoft Purview DSPM. The same problem in organizations between 50 and 1,000 seats is structurally identical and operationally unsolved — the governance budget that makes Purview work doesn't exist at this scale, and the shadow AI traffic happens anyway. This research stream builds the layer that fits.
Why edge compute is the right place for this
Endpoint-side detection (EDR, browser extension) lives close to the user but is brittle: bypassed by personal devices, browser switching, or new AI services the agent hasn't seen. Cloud-side detection (CASB, Purview DSPM) lives close to the data but is expensive and opaque to the SMB. The network egress point is the natural chokepoint: every AI service interaction passes through it, regardless of which device or browser made the request, and a passive listener at that point sees the whole picture without inserting itself into the user's workflow.
NVIDIA Jetson is the right hardware target because the inference work — pattern matching against a continuously-updating list of AI service signatures, regex over outbound payloads for credential and PII patterns — fits a small model on edge silicon and avoids the operational tax of routing every packet to a cloud-side analyzer.
What the device watches for
Three signal classes, each with a distinct response profile:
AI service usage. A continuously-maintained list of LLM and AI service indicators — domain patterns, TLS fingerprints, JSON structure tells — surfaces who is using what AI service from where. The output is a usage map: this department is on Claude, that team is on a free-tier OpenAI key from a personal account, marketing has been quietly running a niche image generator nobody reviewed. That map is the artifact compliance asks for.
Data exfiltration patterns. Outbound payloads are inspected for the markers that distinguish an intentional document upload (a single, deliberate request) from an exfiltration pattern (sustained transfer of structured data, multiple sensitive-class detections in a short window, payloads that look like CSVs or labeled documents). Pattern hits route to the security team, not the user, by design.
API credential exposure. API keys, OAuth tokens, and service-principal secrets pasted into AI chat windows are an underrated leak vector. The device flags them in transit, with the destination service identified. Remediation is on the security team's side — rotate the key, document the exposure — not in a user-blocking interception.
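As an added illustration of the three signal classes above, here is a small passive-egress classifier in Python run over constructed request records. It is not the project's signature library or pattern-matching ruleset (those are unpublished); the hostname signatures, the credential and PII regexes, the window size and the thresholds are all assumptions chosen for the demo, and it matches on destination hostname only, without the TLS-fingerprint or JSON-structure tells the text mentions. It scores records a tap has already decoded and only emits alerts, so, as the page describes, nothing here intercepts the user.

```python
"""Added example: toy passive-egress classifier for the three signal classes.
Signatures, regexes, thresholds and sample traffic are all constructed for
illustration and are NOT the project's signature library or ruleset."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed AI-service signatures: hostname -> label. A real list would be
# continuously updated; "img-gen.example" is a constructed placeholder.
AI_SERVICE_DOMAINS = {
    "api.openai.com": "OpenAI API",
    "claude.ai": "Claude",
    "img-gen.example": "Niche image generator (placeholder)",
}

# Illustrative credential formats (well-known public prefixes), not exhaustive.
CREDENTIAL_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "openai_style_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
    "jwt": re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}\b"),
}

# Illustrative sensitive-class markers used for exfiltration scoring.
PII_PATTERNS = {
    "ssn_like": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
}

# Assumed thresholds: "sustained" means 3+ requests from one source in 10 min.
EXFIL_WINDOW_SECONDS = 600
EXFIL_MIN_REQUESTS = 3
EXFIL_MIN_SENSITIVE_HITS = 5


@dataclass(frozen=True)
class Request:
    """One decoded outbound request as a passive tap would record it."""
    ts: int       # seconds (constructed clock)
    source: str   # internal client address
    host: str     # destination hostname (e.g. from SNI)
    body: str     # decoded payload text


def match_service(host):
    """Return the service label for an exact or subdomain hostname match."""
    for domain, label in AI_SERVICE_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            return label
    return None


def looks_like_csv(body, min_rows=3, min_fields=3):
    """Tabular tell: several non-empty rows sharing one delimiter count."""
    rows = [r for r in body.splitlines() if r.strip()]
    if len(rows) < min_rows:
        return False
    counts = {r.count(",") for r in rows}
    return len(counts) == 1 and counts.pop() >= min_fields - 1


def find_credentials(body):
    return sorted(n for n, rx in CREDENTIAL_PATTERNS.items() if rx.search(body))


def count_sensitive(body):
    return sum(len(rx.findall(body)) for rx in PII_PATTERNS.values())


class EgressMonitor:
    def __init__(self):
        self.usage_map = defaultdict(set)   # service label -> {sources}
        self.recent = defaultdict(deque)    # source -> (ts, hits, csv_like)
        self.alerts = []

    def observe(self, req):
        service = match_service(req.host)
        if service is None:
            return []                       # not an AI service: nothing to do
        self.usage_map[service].add(req.source)   # feeds the usage map
        new = []
        creds = find_credentials(req.body)
        if creds:                           # flagged in transit, routed to security
            new.append({"kind": "credential_exposure", "route": "security_team",
                        "source": req.source, "service": service,
                        "credential_types": creds})
        window = self.recent[req.source]
        window.append((req.ts, count_sensitive(req.body), looks_like_csv(req.body)))
        while window and req.ts - window[0][0] > EXFIL_WINDOW_SECONDS:
            window.popleft()
        hits = sum(h for _, h, _ in window)
        tabular = any(c for _, _, c in window)
        # A single deliberate upload never reaches EXFIL_MIN_REQUESTS.
        if len(window) >= EXFIL_MIN_REQUESTS and (hits >= EXFIL_MIN_SENSITIVE_HITS or tabular):
            new.append({"kind": "exfiltration_pattern", "route": "security_team",
                        "source": req.source, "service": service,
                        "requests_in_window": len(window), "sensitive_hits": hits})
        self.alerts.extend(new)
        return new


def run(traffic):
    mon = EgressMonitor()
    for req in traffic:
        mon.observe(req)
    return mon


def usage_report(mon):
    return {svc: sorted(srcs) for svc, srcs in mon.usage_map.items()}


# Constructed sample traffic: one chat, one pasted key, a sustained CSV upload,
# an unreviewed image generator, and one non-AI destination.
CSV_BODY = ("name,email,ssn\nAlice,alice@corp.example,123-45-6789\n"
            "Bob,bob@corp.example,987-65-4321\nCara,cara@corp.example,555-12-3456")
SAMPLE_TRAFFIC = [
    Request(0, "10.0.1.23", "claude.ai", "Summarise this meeting note for me"),
    Request(30, "10.0.1.23", "claude.ai", "our key: sk-" + "A" * 24 + " is this format right?"),
    Request(100, "10.0.2.7", "api.openai.com", CSV_BODY),
    Request(160, "10.0.2.7", "api.openai.com", CSV_BODY),
    Request(220, "10.0.2.7", "api.openai.com", CSV_BODY),
    Request(300, "10.0.3.9", "img-gen.example", "a product mockup in watercolour"),
    Request(400, "10.0.4.1", "news.example", "not an AI service"),
]

if __name__ == "__main__":
    mon = run(SAMPLE_TRAFFIC)
    print(usage_report(mon))
    for alert in mon.alerts:
        print(alert)
```

On the sample traffic the usage map lists three services with their sources, the pasted key produces one credential_exposure alert naming the destination service, and only the third CSV upload from 10.0.2.7 trips the exfiltration rule, because the window rule needs sustained transfer rather than a single deliberate request. A production version would debounce repeated window hits and would attach the signature-list version to each alert for later review.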
Why this complements Purview DSPM rather than replacing it
Purview DSPM operates against the data inside the tenant. The edge gateway operates against the traffic leaving it. Different layers of the stack, different value drivers, different operational ownership. In the SMB profile, the edge gateway often runs alone — Purview DSPM is out of reach. In larger environments where Purview is in place, the edge gateway adds the leaving-the-tenant view, which Purview does not see directly.
The deployment architecture is designed so the gateway's outputs (usage map, exfiltration alerts, credential exposures) can flow into Microsoft Sentinel where it exists, into a generic SIEM where it doesn't, and into a simple weekly digest in environments without a SOC at all. The device meets the organization where its operational posture actually is.
Status and access
Working device, deployment architecture documented, SMB-environment field tests planned. Research artifacts (architecture diagrams, signature library, pattern-matching ruleset) are not yet public. Access available on request.